CVE-2004-1097 in httpdinfo

Summary

Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/30/2004

Disclosure

01/10/2005

Moderation

VulDB entry created

Entries

VDB-23686 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

10.0

EPSS

0.04101

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1097
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1097
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1097/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!